-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0071
      Security vulnerabilities patched in Microsoft development tools
                               11 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              ChakraCore
                      Microsoft Visual Studio
                      Microsoft Wireless Keyboard 850
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Read-only Data Access           -- Remote with User Interaction
                      Unauthorised Access             -- Console/Physical            
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8117 CVE-2018-1037 CVE-2018-1023
                      CVE-2018-1019 CVE-2018-0995 CVE-2018-0994
                      CVE-2018-0993 CVE-2018-0990 CVE-2018-0980
                      CVE-2018-0979  
Member content until: Friday, May 11 2018

OVERVIEW

        Microsoft has released its monthly security patch update for the month of
        April 2018. [1]  This update resolves 10 vulnerabilities across the following
        products:
         ChakraCore
         Microsoft Visual Studio 2010 Service Pack 1
         Microsoft Visual Studio 2012 Update 5
         Microsoft Visual Studio 2013 Update 5
         Microsoft Visual Studio 2015 Update 3
         Microsoft Visual Studio 2017
         Microsoft Visual Studio 2017 Version 15.6.6
         Microsoft Visual Studio 2017 Version 15.7 Preview
         Microsoft Wireless Keyboard 850


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2018-0979   Remote Code Execution    Critical
         CVE-2018-0980   Remote Code Execution    Critical
         CVE-2018-0990   Remote Code Execution    Critical
         CVE-2018-0993   Remote Code Execution    Critical
         CVE-2018-0994   Remote Code Execution    Critical
         CVE-2018-0995   Remote Code Execution    Critical
         CVE-2018-1019   Remote Code Execution    Critical
         CVE-2018-1023   Remote Code Execution    Critical
         CVE-2018-1037   Information Disclosure   Important
         CVE-2018-8117   Security Feature Bypass  Important


MITIGATION

        Microsoft recommends updating the software with the version made available on
        the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
        
        
         KB4089501, KB4089283, KB4091346, KB4087371


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----